back to article He's not cracked RSA-1024 encryption, he's a very naughty Belarusian ransomware middleman

A ransomware decryption service has turned out to be – quelle surprise – a Belarusian middleman who simply pays the ransom and adds his own profit margin to the hapless victim's bill. Dr Shifro, a Russian-language organisation presenting itself online as a ransomware decryption agency, claims that it's "the only company that …

  1. Modeller

    I do not see why this service would be considered "unethical". Suppose your files get encrypted, do you want to deal with the ransomware operators yourself? Do you know where to get and how to send Bitcoins? Do you have a guarantee that your files will be decrypted after you part with the cash?

    Here are your reasons to employ a middleman. Besides, what is so shocking in the fact that he identifies himself? Do you want a service from a real person or from some anonymous bloke?

    1. Mark 85 Silver badge

      I'm wondering the same thing. Obviously, the miscreants trust him or he wouldn't get the "contracts" to do this. Politics and business make for strange bedfellows. It could be the guy is honest and for a price is happy to help.

    2. User McUser

      It's unethical because they don't tell you that they are a go-between or escrow service - they imply that they can somehow decrypt your files themselves. From the article:

      Dr Shifro, a Russian-language organisation presenting itself online as a ransomware decryption agency, claims that it's "the only company that specializes in decrypting files", urging users: "Call – we will help!"

      So if you want your files back but don't wish to fund evildoers this would appear to be an alternative solution. Except, of course, that it isn't that at all.

    3. Pascal Monett Silver badge

      Re: I do not see why this service would be considered "unethical"

      This scum is surfing on the efforts of other scum and lying about what he does.

      That right there means unethical to me.

      1. Anonymous Coward
        Anonymous Coward

        Re: I do not see why this service would be considered "unethical"

        You mean in the same way that doctors charge people in pain and suffering to relieve that pain and suffering?

    4. phuzz Silver badge

      "I do not see why this service would be considered 'unethical'"

      For me, it's not that he's acting as a middleman, that's something I can see me having to do if a friend came to me with a ransomware problem. It's that he's pretending that he's cracking the encryption himself, and then he's putting a massive price hike on top. If he was being up front with his customers then I personally wouldn't have a problem with it.

      1. Dr. Mouse Silver badge

        Dr Shifro, a Russian-language organisation presenting itself online as a ransomware decryption agency, claims that it's "the only company that specializes in decrypting files", urging users: "Call – we will help!"

        While I admit that I've not seen the full claims directly, from this quote it doesn't appear that he is making any false claims. He is not saying that he cracks the encryption, but that he decrypts the files. This is what he does: he buys the keys from the ransomware creator and decrypts the files for his client.

        What he is doing is still sort of unethical (he's not very clear about what he does, and it would be understandable for the client to assume he was cracking the encryption), but he is basically acting as a consultant. The client pays him to procure the keys and decrypt their data with them, just as a person may pay someone to buy the components and build a PC for them. It's dodgy only because he's not up front about how he decrypts the data.

  2. anthonyhegedus Silver badge

    I think the point is that the company describes itself as being able to decrypt files. It would probably be just as successful if they explained that they're the middleman and will deal with the blackmailer on your behalf, and then come and make a site visit and get your files back. Yes, it saves all that horrible bitcoin nonsense from affecting the victim. It's a good idea from that standpoint. You pay £1000 for doing it yourself our £2000 for someone to do it for you.

    As to whether it's a good idea in the big scheme of things, that's a different matter.

    1. doublelayer Silver badge

      It is, at least, false advertising. Given that this person does not actually decrypt anything, it is useless against any version of ransomware where the ransom doesn't help (quite a few of them). In addition, it is unethical to find the actual cost and then to multiply that by 10; that's not what an honest or ethical broker would do. While a broker that was up front about being a broker and what the fee would be would be doing so ethically, it's also a pointless thing and a very bad idea.

  3. Persona Silver badge


    He is simply a broker. There are good reasons to use a broker who has been around awhile and understands the business rather than dealing directly with the end party whom you have no reason to trust. A broker always gets commission for his services either by charging a fee or pressing the supplier for the discount he knows he can get, and often both! As for cracking RSA-1024, the only practical way of doing this is to "obtain" a copy of the private key.

    1. Anonymous Coward
      Anonymous Coward

      Re: Broker

      > "He is simply a broker."

      More correctly, he is a fence. People's stuff gets stolen, and the theves sell it to the fence, who re-sells it at a profit. The only difference with a traditional fence is that this stolen data, not money or objects, and is usually worthless to anyone but the victim. Still, it is reselling stolen goods at a profit.

  4. Throatwarbler Mangrove Silver badge

    I see the Russian trolls are out

    Here's why it's unethical (a quick primer for the ethically challenged, stupid, or willfully ignorant): he is deceiving his customers about what he is actually doing by pretending to perform one action while actually doing another. Additionally, one reason for using a service like this would presumably be to avoid paying the actual scammers. The customer might think it's better to pay an additional surcharge to keep the initial wrongdoers from profiting, but her or she instead winds up paying two grifters instead of one.

    That is why it's unethical.

    1. Anonymous Coward
      Anonymous Coward

      Re: I see the Russian trolls are out

      "pretending to perform one action while actually doing another"

      Getting hold of the key is invariably the easiest and best way of defeating a.k.a. cracking encryption.

    2. GnuTzu Silver badge

      Re: I see the Russian trolls are out -- of Rented Jets

      "...for the ethically challenged..."

      I knew a guy who was truly ethically challenged. He would out-and-out say that it would be perfectly fine if certain things were not revealed. He used to do one of those infomercials selling money making schemes. He'd rent business jets and present them as his own in his infomercial, along with other shady claims. And yes, he went to jail. And not, no one in my family who knew him is in touch with him, as it's all just too damn disgusting.

      It's not about whether you can or cannot be a broker of sorts; it's about misrepresentation and fraud. What you sell must be what you claim it to be (or at least sufficiently to stand up in court); and if you're going to omit certain facts, you better be very careful what facts you omit. I am not a lawyer, but some of you might what to get educated on some of this stuff before the law comes knocking on your door.

    3. Anonymous Coward
      Anonymous Coward

      Re: I see the Russian trolls are out

      More simply, it fails the 'does it seem likely I'd get in trouble for this?' test.

    4. GunstarCowboy

      Re: I see the Russian trolls are out

      If you accept the fact that he's a grafter. Which he's not. He just keeps his methods secret.

      You get your data back, which is the point. If he kept the money and ran, then you'd have a point, but he doesn't, so you don't.

  5. Anonymous Coward
    Anonymous Coward

    Blood diamond? Looks clear to me

    Keebler Elves don't make your cookies, Middlemen in Belarus don't independently decrypt RSA-1024.

    But effectively the cookies taste good and the randomware is defeated.

    1. Rogerborg 2.0

      Re: Blood diamond? Looks clear to me

      > the randomware is defeated

      Appeased. See, I didn't pay any Danegeld, it went to a Belarusian.

  6. Anonymous Coward
    Anonymous Coward

    Re: The Need For Speed

    Here's an interesting concept.. if what he's doing is immoral BUT not illegal, what's to stop me setting up a bonafide company offering brokerage services between a crypto victim and the miscreants?!

    1. Saruman the White

      Re: The Need For Speed

      Depends on which country you are operating in. Since the miscreants are are encrypting peoples files and then demanding money before they *might* give you the key to decrypt them, under UK law they are committing blackmail (or technically, "demanding money with menaces"). If you set up a brokerage company like you describe, you could end up being charged as an accessory to the blackmail, since you are clearly profiting from the actions of the bad guys even though you are not performing the blackmail yourself.

      1. Pascal Monett Silver badge

        Wait a minute, if he's clearly indicating that he is willing to deal with the scum on the victim's behalf, he should be in the clear from the point of view of the law. He's offering his services, he's not imposing them, and he's honest about what he will be doing.

        If you accept that, the law has no to say against it.

        1. doublelayer Silver badge

          Maybe, although this depends on the nation's laws. But that's all moot because he DOESN'T tell his customers that. He'll be very honest when telling the ransomware people that, but his customers are under the misapprehension that he is cracking keys in a more honest way, which is probably why they pay him.

        2. GunstarCowboy

          In Belarus, there is no law.

  7. EJ

    Next you're going to tell me...

    ... that he's not a real doctor.

  8. Anonymous Coward
    Anonymous Coward

    If this was illegal ...

    a lot of mobile resellers would be in jail ....

  9. astounded1

    Hi, I'm Admiral Clepto...

    Dr. Shifro is in my group therapy session. We suggested to him that he has a valid business model and that he should be open about the fact that he can get your encrypted stuff decrypted - for a fee on top of the ransom request.

    In some places they call this kind of shit being a lawyer...

  10. Phil Endecott Silver badge

    £300,000 / 2 years is the bit that gets me.

    I’m sure plenty of people with “honest” techie jons would be tempted.

    1. Anonymous Coward
      Anonymous Coward

      That's turnover not profit. Most of that bitcoin goes to the ransomware creators.

      1. defiler Silver badge

        Aye - that's turnover. They said that he'd added $1000 to the price, and the 155000 Rubles comes to $2300, so just less than 50% is his cut.

        Still clearing $65000 a year, though. Tax-free. I certainly wouldn't grumble about that...

  11. Herby


    Basically what he was doing. It has been done in several instances before. One instance, a programmer who was "contracted" to do a job, found someone else to do the job "cheaper". The contractor sat back and collected the difference (ElReg even reported this).

    Entrepreneurial initiative at its best.

    No, I do not condone it. The procedure is a very good example if "slime"

    1. Andy The Hat Silver badge

      Re: Outsourcing??

      Traditionally known as sub-contracting.

      Company scams individual, third party sets up to make a load of dosh 'correcting' that wrong by annoying punters, talking to the third party and raking off the cream for doing bugger all. Sounds like a PPI claim company to me, except the Doctor is potentially providing a bitcoin conversion service that average Joe doesn't have ... Morally I don't think they're far apart.

  12. Potemkine!

    If "unethical" meant "illegal", many lawyers, bankers or mechanics would be in jail.

    1. Anonymous Coward
      Anonymous Coward

      Many of them are.

    2. Anonymous Coward
      Anonymous Coward

      "Or mechanics"?

      Mechanics (or more recently, vehicle technicians) are seldom unethical, Service receptionists / advisers, call centre staff and Service managers under the cosh of performance targets generally are though...

      My favourite 'unethical' service add-on, usually sold by call centres 'because bonus' is the 'emissions control service', 'oil & fuel treatments' or some such wording - not only are these 'treatments' prohibited by most vehicle manufacturers but can be harmful in some engines.

      Fuel additives can negate the benefits of AdBlue or Eloys Powerflex and cause premature wear or failure of HP diesel pumps, oil additives / flushes can cause premature failure of 'wet' timing belts.

      More than once, I have seen technicians directed to use these products against their will, just to put another £29.99 on the bill (and hopefully a HP fuel pump or DPF once the vehicle is out of warranty).

      I think your 'or mechanics' should be replaced with 'and Service advisers'

      1. Anonymous Coward
        Anonymous Coward

        I'm pretty sure I had a mechanic (who had sold me one extra option and smelled blood) deliberately damage my sump plug in order to sell me an expensive repair.

        The oil leak was slow enough that I took it to someone I trusted who re-threaded the sump to a larger size, fitted a larger sump plug and saved the oil into the bargain.

        So yes, I'd say there are unethical everythings. Though I couldn't say that the service manager didn't lean on him to do it.

        1. Anonymous Coward
          Anonymous Coward

          "deliberately damage my sump plug in order to sell me an expensive repair"

          Most likely the damage was done by over-enthusiastic tightening (as opposed to applying the correct torque) the sump plug at the last oil change, repairing the sump is never a manufacturer authorised repair so the tech would be recommending the correct repair if it was a franchised dealer. Obviously your vehicle means it's your choice, I have known repairs like that to be done as 'goodwill' if the vehicle has always been serviced within the dealer network - if the owner pushes enough....

          1. defiler Silver badge

            over-enthusiastic tightening

            Old British motorbikes used to use the TAF standard - Tight As Fuck. Then those bloody Japanese turned up with their reliable, fast bikes, all built to specific tolerances, and forced us all to actually think before applying a spanner.

            I once cracked the oil cooler on my old Yamaha XJ - it was leaking very slightly, but just needed a new copper washer. I just needed to get home after rock-climbing. Blindly applying force without a torque-wrench once your arms are very warmed up, on a soft-metal component of substantial replacement cost is a damn fool idea. One clear "ping" later, and I had to ride home with waterproof overtrousers on.

            No, this little nostalgia trip has absolutely nothing to do with the story. I'm just avoiding dealing with work.

  13. ShortLegs

    But is it unethical, let alone illegal?

    K&R consultancy is an established, respectable market. Senior executives and wealthy individuals often carry K&R insurance; in the unfortunate scenario of being kidnapped, the insurance carrier pays for a specialist K&R company to negotiate the release of a victim. Kidnappers - allegedly - prefer dealing with such individuals as they know that they will be paid, there will be no Police involvement, and that a payment will be made (at low risk to them).

    This is little different. And I suspect, if Dr Shifro's track record is >50%, that the miscreants behind Dr Shifro prefer to deal with him; if he is contacting them then they know the victim has paid, and that it is in their long-term "business" interests to provide the key.

    Untasteworthy business, but Dr S can be considered the IT equivalency of a K&R consultant.

    What is at fault is the marketing/advertising of the provided "service". Change that, and the business is legitimate.

    1. doublelayer Silver badge

      The business may be legitimate, but it doesn't start being a good idea. For hostage situations, these consultants can actually mediate with the abductors. For ransomware, the business is essentially just paying the ransom, with the only additional service provided being converting to bitcoin for the user. That's not worth this or any markup, and it doesn't fix the problem of people paying ransoms when they should not. But I suppose the business could eventually make itself somewhat ethical.

  14. Insert sadsack pun here

    They want to be careful about assuming the identity of the person they found on VK is the real identity of the person who's benefitting from the scam.

    It might well be, but identity theft to register dodgy companies, sign dodgy contracts and open dodgy bank accounts is very common in Russia. If the scammers have prepared this properly right from the start, all of the details uncovered by Check Point might be fraudulently used. On the other hand, maybe they're just lazy and that is their real identity.

    I see from Dr Shifro's website that its clients include children's hospitals, children's medical rehabilitation charities, and a couple of government agencies...

  15. FlamingDeath


    Yes this is unethical

    I suspect the middleman just wants to pay their bills/mortgage and keep a roof over their head and perhaps that of his/her family and you cant blame them, even if it is unethical

    The real unethical thing here is the disingenuous nature of money

    I remember a story about a guy who outsourced his own job to some guy in china and then sat in the office watching cat videos while the chinese guy did all the work for a lesser fee

    He was commended for is ingenuity.

    Can you see the point I am making here?

    There is a connection if you look hard enough

    Ethics is a woolly subject, just like the law

    Example, the Iraq war was illegal

    Then it wasnt

    Attorney general changed their mind



POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020